Published February 20. 2023 10:24AM
by Jill Whalen jwhalen@tnonline.com
The Lehigh Valley Health Network has been the victim of a cybersecurity attack, the network announced Monday.
“As of today, the attack has not disrupted LVHN’s operations,” according to a statement from Brian A. Nester, DO, the network’s president and chief executive officer. “Based on our initial analysis, the attack was on the network supporting one physician practice located in Lackawanna County. We take this very seriously and protecting the data security and privacy of our patients, physicians and staff is critical.”
Nester said the attack was from a ransomeware gang, known as BlackCat, which has been associated with Russia.
On Feb. 6, the network detected unauthorized activity within its IT system.
“Our technology team identified the unauthorized activity, and we immediately launched an investigation, engaged leading cybersecurity firms and experts, and notified law enforcement,” Nester said in the statement. “We are continuing to work with our experts to investigate the scope of the incident and as of today, we continue to operate normally.”
Although the investigation is ongoing, Nester said that as of Monday, the network’s initial analysis shows that the incident involved a computer system used for clinically appropriate patient images for radiation oncology treatment and other sensitive information.
“BlackCat demanded a ransom payment, but LVHN refused to pay this criminal enterprise. We understand that BlackCat has targeted other organizations in the academic and healthcare sectors,” he noted.
Nester said the network is continuing to work closely with its cybersecurity experts to evaluate the information involved and will provide notices to people affected as required as soon as possible.
“Attacks like this are reprehensible and we are dedicating appropriate resources to respond to this incident,” he said in the statement.